[lxc-users] skb marks preserved inside container?

Jäkel, Guido G.Jaekel at dnb.de
Fri Feb 20 10:54:40 UTC 2015



>-----Original Message-----
>From: lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] On Behalf Of Fajar A. Nugraha
>Sent: Friday, February 20, 2015 8:18 AM
>To: LXC users mailing-list
>Subject: Re: [lxc-users] skb marks preserved inside container?
>
>On Fri, Feb 20, 2015 at 12:55 PM, Hyunseok <hyunseok at ieee.org> wrote:
>> Hi,
>>
>> I was doing some experiment where I mark packets using iptables (i.e.,
>> --set-mark) on a host, and send the marked packets to a container running on
>> the host via bridge.
>>
>> I noticed that the packet marking done on the host is not preserved across
>> the container boundary.  That is, the container does not see the packet
>> marks.
>> Is that an expected behavior?
>
>It should be that way. iptables mark does not modify anything on the
>actual packet, so there will not be anything about the mark in packets
>on the bridge.

Dear hs,

... therefore you have to mark the packets themselves. Maybe it's passable to abuse the TOS field - it may be set and queried by iptables, too.

greetings

Guido
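
The TOS-field approach suggested above, as an added example that is not part of the original thread: the host copies its fwmark into the DSCP bits of the IP header, and the container turns that DSCP value back into a local mark. The mark 0x1, the DSCP value 0x0a and the chain choices are constructed assumptions; the host rule assumes the packets pass through the host's iptables (routed or locally generated traffic, or bridged traffic with bridge netfilter enabled).

```shell
#!/bin/sh
# Added example: carry a host-side fwmark into a container in the DSCP bits.
# The functions only print the rules; review them, then run them as root.

MARK="${MARK:-0x1}"    # fwmark set on the host with --set-mark (constructed)
DSCP="${DSCP:-0x0a}"   # 6-bit DSCP value that stands in for it (constructed)

# DSCP is the upper 6 bits of the IPv4 TOS byte; the lower 2 bits are ECN.
dscp_to_tos() {
    printf '0x%02x\n' $(( $1 << 2 ))
}

# A DSCP value must fit in 6 bits (0..63).
valid_dscp() {
    [ $(( $1 )) -ge 0 ] && [ $(( $1 )) -le 63 ]
}

# Host: the fwmark exists only in the kernel's packet metadata, so write it
# into the header before the packet leaves towards the container.
host_rule() {
    valid_dscp "$DSCP" || return 1
    echo "iptables -t mangle -A POSTROUTING -m mark --mark $MARK -j DSCP --set-dscp $DSCP"
}

# Container: match the header field and restore a mark in this namespace.
container_rule() {
    valid_dscp "$DSCP" || return 1
    echo "iptables -t mangle -A PREROUTING -m dscp --dscp $DSCP -j MARK --set-mark $MARK"
}

# tcpdump filter to confirm inside the container that the field arrived.
capture_filter() {
    echo "ip and (ip[1] & 0xfc) == $(dscp_to_tos "$DSCP")"
}

host_rule
container_rule
capture_filter
```

Any device or QoS policy that rewrites DSCP on the path will drop the information, so pick a value that nothing else on the host uses.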

